30380 matches found
CLSA-2025-1754939966 Fix CVE(s): CVE-2025-48386
SECURITY UPDATE: security vulnerability in package - debian/patches/CVE-2025-48386.patch: fix buffer overflow in wcsncat caused by off-by-one error and length not accounted for in wcsncat calls - CVE-2025-48386...
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...
UBUNTU-CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...
Pixel Watch Security Bulletin—May 2025
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2025-05-01 or later address all issues in this bulletin and all issues in the May 2025 Android Security Bulletin and all issues...
CVE-2025-55013
The CVE-2025-55013 issue affects Assemblyline 4 Service Client. The task_handler.py component accepts a SHA-256 value from the server and uses it directly as a local filename, enabling a path traversal when the server (or a MITM) returns a payload like ../../../etc/cron.d/evil. This can cause the...
OESA-2025-1978 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
Security update for dpkg
This update for dpkg fixes the following issues: CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS (bsc#1245573). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CVE-2025-51532
Incorrect access control in Sage DPW 202412004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 202506000, released in June 2025...
Important Photon OS Security Update - PHSA-2025-4.0-0848
Updates of 'libtiff' packages of Photon OS have been released...
CVE-2025-32430
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...
CVE-2025-38430 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38430 affecting package kernel for versions less than 6.6.96.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-49180 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2
CVE-2025-49180 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2. A patched version of the package is available...
CVE-2025-5455 affecting package qt5-qtbase for versions less than 5.12.11-18
CVE-2025-5455 affecting package qt5-qtbase for versions less than 5.12.11-18. A patched version of the package is available...
CVE-2025-49179 affecting package xorg-x11-server for versions less than 1.20.10-16
CVE-2025-49179 affecting package xorg-x11-server for versions less than 1.20.10-16. A patched version of the package is available...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CVE-2025-5061
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...
ACPICA: fix acpi parse and parseext cache leaks
...
s390/pkey: Prevent overflow in size calculation for memdup_user()
...
CVE-2025-8548
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email lea...
CVE-2025-54387
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...